﻿<?php
ob_start();
session_start();
include 'consql.php';
if(isset($_POST["name"])&&isset($_POST["password"])){
	$name=$_POST["name"];
	$password=$_POST["password"];
	$read=fopen("pre.txt","r");$pre=fread($read,filesize("pre.txt"));
	//echo "<center>";
	if(strpos($name,"'")===false&&strpos($password,"'")===false&&strpos($name,"`")===false&&strpos($password,"`")===false&&strpos($name,"-")===false&&strpos($password,"-")===false){
		
	
	$pass=md5($password);
	$cmd=mysql_query("select * from " . $pre . "user where name='$name' and password='$pass'");
	if($row=mysql_fetch_array($cmd)){
		$_SESSION["user"]=$name;
		
		$file=fopen("log.txt","a");
		include 'lib/time.php';
		fwrite($file,"\r\n" . $time . ":'$name' is login.");
	
		header("location:user/index.php");
		exit;
	}else{
		echo "<center>用户名或者密码错误！请返回重新输入！</center>";
		exit;
	}
	}else{
		echo "<center>请勿尝试SQL注入！我还不懂你这招？！</center>";
		exit;
	}
}

?>
<title>免费静态空间</title>
<body>
<center>

<h1>免费无限容量快速静态空间</h1>
<h3><font color="#00B2EE">登录到你的管理控制台</font></h3><br/>
<form action="" method="post">
请输入你的用户名:<input type="text" name="name"><br/><br/>
请输入你的密码：<input type="password" name="password"><br/><br/>
<input type="submit" value="现在登录！">

</form>
<br/><br/><br/>
<a href="index.php" target="_blank"><font color="66ff33">没有账号？马上注册！</font></a>

</center>